Enterprise Risk Management

VCU Process
What is Enterprise Risk Management?
• An organization-wide systematic approach to identify and tactically manage risk.
• A best practice to prioritize risk and implement processes to monitor risk.
• Movement from a traditional transactional risk approach to a global, strategic approach.
• A framework to manage reputational risk.
[Diagram of risk categories: Strategic Risk, Operational Risk, Reputational Risk, Compliance Risk, Financial Risk]
• Strategic Risk – high-level goals aligned with the mission
• Operational Risk – ongoing management processes
• Financial Risk – protection of assets
• Compliance Risk – adherence to laws and regulations
Why should institutions implement ERM?
• Improve how it actively manages not only financial and compliance risk, but also strategic and reputational risk.
• Focus on risks that could prevent the institution from successfully reaching the goals in the strategic plan.
• Continue vision to be forward looking and planning for the future.
Possible ERM Approaches
• Current Risk Identification Approach
  • Top-down, try to eliminate risk, silo approach
• Process-driven Approach
  • Bottom-up, takes significant time and expense, possible failure from being too detail oriented
• Measurement-driven Approach
  • Middle-up, takes advantage of current experience, uses current operational staff
How will ERM progress at VCU?
1. Adopt a measurement-driven approach.
2. Establish interdisciplinary ERM Subject Matter Teams.
  • Uses experienced staff from different areas to cover subjects like HR, IT, Finance, Safety and Facilities, Research, Academics, Student Affairs
3. ERM Subject Matter Teams brainstorm possible risks.
4. ERM Executive Committee prioritizes Key Risks.
  • Consists of Assistant Vice Presidents and senior management levels.
  • May need to limit number of Key Risks to about 50 to sustain manageability.
  • Revisit risks periodically to add new risks or drop less important risks.
5. Each Key Risk is assigned to a Process Owner.
  • Process Owners help develop plans to manage each Key Risk with operational managers.
6. Annually, Process Owners report on their plans and progress to ERM Executive Committee for approval.
  • ERM Executive Committee includes the President and Vice Presidents.
  • Quarterly meetings to cover ¼ of Key Risks.
7. Annual Report on ERM progress to entire Board of Visitors. Updates for Audit and Compliance Committee at every meeting.
  • Discuss accomplishments and progress.
  • Discuss areas where residual risk is highest.
  • Ask for input on risk assessment.
• Background on VCU’s Experience
• Interest and Charge; Complements Strategic Plan
• Tone at the Top: Board members, President, Vice Presidents
• White Paper – 8 pages based on other Universities’ ERM Experiences
• President’s Website with ERM section (www.ERM.vcu.edu)
• ERM Implementation Committee using a higher education ERM consultant to assist with ERA and RMM Kick-off
• RFP selection process wrapping up
Enterprise Risk Management Timeline
• Oct. 2013 Develop and evaluate RMM plans; provide feedback to responsible areas
• Dec. 2013 Present update to President and VPs
• Feb. 2014 Present RMM plans to BOV’s Audit and Compliance Committee
ERM Program Organization
• Board of Visitors Updates
• Executive Management – VPs Risk and Plan responsibility
• Senior Sponsors: VP Finance and Administration & Executive Director, Assurance Service
• ERM Implementation Committee
• ERM Executive Committee
Enterprise Risk Management Timeline
• May 2012
• June 2012
• Aug. 2012
• Oct. 2012
• Nov. 2012
Present ERM Whitepaper to Board of Visitors
Establish ERM Implementation Committee
Conduct interviews with leading ERM universities
Develop scope of work statement and vendor evaluation criteria for consultant RFP
Develop web site
Evaluate RFP responses, award contract
Communicate Presidential support and expectations to key stakeholders
Begin ERM implementation process with vendor
Enterprise Risk Management Timeline
• Jan. 2013 Develop subject area work groups and conduct interviews
• Feb. 2013 Develop list of risks and assess impact of mitigating controls
• Mar. 2013 Consolidate risks by Associate VP for prioritization
• April 2013 Present highest 10 risks to President and VPs
• May 2013 Assign ownership of risks
• June 2013 Conduct workshops on risk management and mitigation (RMM) plans
How will ERM benefit VCU?
• A tool to successfully implement Quest for Distinction.
• Create quick, decisive, resilient plans to react to unexpected occurrences.
• Assurance to stakeholders that VCU is doing what it can to be ready for the future.